Fitness First or Safety First? Examining Adverse Consequences of Privacy Seals in the Event of a Data Breach.

Data breaches are increasing, and fitness trackers have proven to be an ideal target, as they collect highly sensitive personal health data and are not governed by strict security guidelines. Nevertheless, companies encourage their customers to share data with the fitness tracker using privacy seals, gaining their trust without ensuring security. Since companies cannot guarantee security, the question arises on how privacy seals work after not keeping the security promise. This study examines the possibilities to mitigate the consequences of data breaches in advance to maintain the continuance intention. Expectation-confirmation theory (ECT) and privacy assurance statements as a shaping of privacy seals are used to influence customer expectations regarding the data security of fitness trackers in the run-up to a data breach. Results show that the use of privacy assurance statements leads to high-security expectations, and failure to meet these has a negative impact on satisfaction and thus continuance intention

A TAXONOMY OF MACHINE LEARNING-BASED FRAUD DETECTION SYSTEMS

As fundamental changes in information systems drive digitalization, the heavy reliance on computers today significantly increases the risk of fraud. Existing literature promotes machine learning as a potential solution approach for the problem of fraud detection as it is able able to detect patterns in large datasets efficiently. However, there is a lack of clarity and awareness on which components and functionalities of machine learning-based fraud detection systems exist and how these systems can be classified consistently. We draw on 54 identified relevant machine learning-based fraud detection systems to address this research gap and develop a taxonomic scheme. By deriving three archetypes of machine learning-based fraud detection systems, the taxonomy paves the way for research and practice to understand and advance fraud detection knowledge to combat fraud and abuse

How Different Types of IS Assets Account for Synergy-Enabled Value in Multi-Unit Firms: Mapping of Critical Success Factors and Key Performance Indicators

Rooted in a longstanding tradition, research and practice strives to determine how to derive business value from IT investments. This applies particularly to the neglected research area of multi-unit firms, where there is still a high potential to enhance IT synergies. Our study addresses important research gaps in IT business value research. First, we investigate how different of types of IS assets, i.e., infrastructural, transactional, and strategic IS, account for cross-unit synergies to create business value. Second, we map critical success factors and key performance indicators of this value creation process in order to open the “grey box” in IT business value research. An explorative multiple-case study methodology with five case sites is applied. Our results reveal that these different types of IS assets account for a different degree of cost and value synergies, support diverse critical success factors, and require distinct measurement approaches in the form of KPIs

How do employees learn security behavior? Examining the influence of individual cultural values and social learning on ISP compliance behavior.

Recent research on information security has recognized that cultural differences need to be considered, when explaining information security policy compliance behavior (ISPCB). There is also evidence that social mechanisms, such as social learning can influence ISPCB. What existing research has neglected is a relationship between such social mechanisms and their relation to employee’s individual cultural values to explain ISPCB, whereby current research shows that ISPCB as well as social learning are culture-dependent. This study examines (1) the impact of social learning on ISPCB and (2) the influence of cultural values on social learning mechanisms and their association with ISPCB. Our sample, consisting of employees related to information systems, confirm a connection between the mechanisms of SLT and ISPCB and their cultural dependence. In conclusion, we defined implication points of our theoretical research and practical recommendations. A description of future research suggestions concludes this paper

Is Social Learning Always Helpful? Using Quantile Regression to Examine the Impact of Social Learning on Information Security Policy Compliance Behavior.

Social learning theory has attracted increasing attention in recent years in terms of its use to study information security policy non-compliance behavior. But previous results of studies in the field of information security have been rather heterogeneous. various influencing factors have been considered within the framework of social learning theory. Previous studies quantitatively assess the effectiveness of social learning by relying on mean-based regression methods. In contrast, we intend to apply quantile regression to provide a new perspective on the subject. Therefore, we estimate the overall impact of social learning interventions and uncover how their impact differs among employees with different propensities (quantiles) for information security policy compliance behavior—an important finding for determining safety interventions for specific employee groups. Based on data collected in Germany, our results show significantly different effects in the analyzed quantile aspects of imitations and differential reinforcement

The Double-Edged Sword of Health Data Breaches: A Comparison of Customer and Stock Price Perspectives on the Impact of Data Breaches of Response Strategies

Unauthorized access to personal health data, known as data breaches, causes multi-faceted adverse effects and damage. Companies are trying to counteract the impact on customer relationships through recovery strategies such as compensation. On the other hand, there is also a negative effect on the company's stock price. Here, the literature suggests an opposite effect of response strategies, but this has not been explored further until recently. Our study takes both perspectives into account and examines the impact of data breaches on the market valuation in the health sector through an event study. Our results show a controversial relationship: If companies offered compensation to their customers in response to a data breach, this had a negative effect on the company's stock price. Our paper discusses this finding and derives practical implications and lessons learned for response strategies in the case of recent data breaches in the health sector

DIMENSIONS OF TRUST IN THE ACCEPTANCE OF INTER-ORGANIZATIONAL INFORMATION SYSTEMS IN NETWORKS: TOWARDS A SOCIO-TECHNICAL PERSPECTIVE

In the context of collaborative networks, networked inter-organizational information systems (IOIS) play a major role by providing a shared virtual space for the informal exchange of semi-structured or unstructured knowledge. Since IT support is seen as crucial for the whole network endeavor, the perspective of system acceptance becomes important. However, discussing IS adoption at the interorganizational level brings trust into the story. Building upon socio-technical theory, this study seeks to understand the role of two dimensions of trust in the acceptance of networked IOIS. A theoretical model is developed and subsequently tested with a sample of 121 German network organizations. Network trust reveals to be important for the perceived usefulness of the system, as the main benefit comes from members’ participation. Trust in technology shows to be an even more relevant determinant for the attitude towards the system. We suggest that future adoption studies should pay more attention on the interplay of both the social- as well as the technical-relations

Towards a Taxonomy of Information Security Policy Non-Compliance Behavior

Due to the increasing digitalization of our society, IT security professionals must implement even more effective security measures to meet the growing information security requirements of their organizations. To target and effectively deploy these measures in the best possible way, they must consider different types of behaviors that might lead to information security threats. Regarding this issue, current research offers little for clarity to security professionals when it comes to understanding and differentiating the various types of behavior. Therefore, this research aims to develop a taxonomy to classify different types of information security policy non-compliance behavior. Our results present a taxonomy with five dimensions, each containing mutually exclusive and collectively exhaustive characteristics. Our results provide a basis for a more specific analysis of different types of information security policy non-compliance behavior and can be used for more comprehensive development and analysis of appropriate security measures

Synthesizing and Integrating Research on IT-Based Value Cocreation: A Meta-Analysis

IT value research has witnessed growing interest in the use of joint IT resources and capabilities following recent shifts in market competition from the firm to the network level. Despite research efforts in this domain, there remain substantial inconsistencies in the IT value cocreation literature regarding the effect of interorganizational IT on business value and the role of methodological and contextual factors. Drawing on the resource-based view and the relational view of the firm, we conducted a meta-analysis to synthesize and integrate the body of knowledge of IT-based value cocreation. Our analysis of 80 studies, encompassing 21,843 observations, highlights the value-generating effect of four interorganizational IT capabilities: IT-based relation-specific assets, IT-based knowledge sharing, IT-based complementary capabilities, and IT-based governance. Insights from our preliminary meta-analysis reveal that contradictory findings are driven by the conceptualization of IT variables as interorganizational IT resources. A further moderator meta-analysis explains divergent empirical findings in the literature. We find that the use of relational-level value and perceptual measures, use of single respondents, and the context of developing countries and supply chain and networked interdependencies result in larger estimates of business value. In contrast, the use of network-level, firm-level, and objective measures; use of matched-pair approaches; and the context of developed countries and pooled interdependencies result in smaller estimates. Overall, this paper provides clarity and structure to the current understanding of the research field by providing explanations for inconsistent findings as well as a foundation for future research and theory development

SYNTHESIZING AND INTEGRATING RESEARCH ON IT-BASED VALUE CO-CREATION: A META-ANALYSIS

Recently, competition has shifted from the firm to the network level. Following this path, a growing stream in IT value research has emerged, aiming to understand how multiple firms create value through joint IT resources and capabilities. Despite the efforts made thus far, there are inconsistencies regarding construct definitions and divergent empirical findings. In this paper, we synthesize and integrate the body of knowledge on IT-based value co-creation. Drawing on the relational view, we first synthesize the existing empirical findings. The results of a meta-analysis of 72 studies encompassing 33,732 observations underline the importance of four sources of IT value: IT-based inter-organizational assets, IT-based knowledge sharing, IT-based complementary capabilities, and IT-based governance. A further moderator meta-analysis integrates divergent empirical findings in the literature. We find that objective measures dampen the relationship between inter-organizational IT and business value, while process-level measures and IT capabilities strengthen it. Moreover, we find evidence for higher value impacts in developing countries and an influence of inter-organizational relationship types. This study contributes by clarifying the IT-business value relationship and offers insights into sources of inconsistencies in IT-based value co-creation studies. By doing so, this paper lays a foundation for future research and theory development